On Wed, Sep 21, 2005 at 02:26:13PM -0700, "Hal Finney" wrote:
Careful! If this information is not part of the fingerprint/keyID it can
still be changed by updating the self-signature, no matter whether it's in
thte signature packet or in the key packet.
Not exactly, the self-signature would not (by convention) override the
information in the key subpackets. So just issuing a new self-signature
would not help.
That's not what I meant. If the self-signanture is the only integrity
protection measure, then someone in possession of the private part of the
key can alter the expiration date in the key packet just as he can alter it
in the signature subpacket. If it's hashed with the key ID, changing it
would also change the key ID, ergo resulting in a different key.
What could happen is that someone who got hold of the private material
could create a new key packet with the same keyid/fingerprint but with
a different expiration date. But(!) the new key would not inherit the
signatures on the old key.
That's correct.
That is what I was thinking of as important.
It would not be valid, it would not be part of the Web of Trust.
The idea is that key signatures would cover all of the subpackets,
even though fingerprints do not.
And what about keys that are not part of WoT? In the present standard, I can
trust a key not only because someone I trust has signed it, but also because
I know the fingerprint. Should we break that?
This is a good point, I'll have to think about it. I'm still not
sure that covering this material with key fingerprints and keyids is
the right thing to do.
Me neither, but the more I think about it, the more I am leaning towards
giving the choice to the user by having hashed and unhashed subpackets, both
of which are signed, but only the hashed ones being included in the
fingerprint. But I'll have to think more about it myself.
What would the security threats be from being
able to bring a key back to life with the same fingerprint and keyid,
but without any signatures on it being valid?
Well, it depends on the applicatiton and the user's trust model. What I like
most about OpenPGP is the flexibility of the trust model. Ignoring the WoT
is certainly an option I would like to have.
--
Daniel